Facebook blasted by privacy advocates, lawmakers over data-sharing agreements

Facebook drew widespread, scathing criticism from privacy advocates and lawmakers on both sides of the Atlantic on Thursday for not disclosing the extent of its wide-ranging data-sharing deals that gave other tech firms access to private user data and information.

The world's largest social network is reeling from a massive New York Times investigation that examined more than 150 agreements Facebook had with partners including Apple, Netflix, Spotify and Amazon, to allow the companies to access users' names, contact information and private messages. In a second blog post responding to the outcry, Facebook said these agreements were publicly discussed and available when users logged into the other services with Facebook. Some of the agreements date back to the platform's early years.

The company's mea culpa and bullet-pointed explanations have not stopped the growing calls for federal privacy regulation or penalties via the ongoing Federal Trade Commission (FTC) investigation.


"It's time that Congress got serious about protecting the privacy, the data, the personal confidential information of hundreds of millions of Americans," said Josh Hawley, U.S. Senator-elect from Missouri, on Fox News' Tucker Carlson Tonight. "[Facebook] said they would not share personal, private confidential data of users without the users' consent. It looks like that's exactly what Facebook is doing, though, that they are sharing that data in order to make a profit without users' consent."

Hawley, a Republican and constitutional lawyer, also called on the FTC to examine whether the latest revelations put the tech giant in violation of the consent decree that the tech giant signed in 2011. Facebook has denied that the data-sharing arrangements violate the 2011 consent decree, but privacy advocates have said the Menlo Park, Calif., company is likely in violation of its terms.

Privacy advocates said Facebook no longer deserves the trust of its 2.2 billion users, whose constant sharing on the platform fueled the company's $13.7 billion third-quarter revenue.

Privacy advocates said Facebook no longer deserves the trust of its 2.2 billion users, whose constant sharing on the platform fueled the company's $13.7 billion third-quarter revenue. (AP Photo/Richard Drew)

Sen. Richard Blumenthal, D-Conn., said the FTC's probe is moving at a "snail's pace" and "becoming a bad joke."

"Congress must act promptly & powerfully next session with a strong privacy protection law that will protect against such intrusive, abusive misuse of consumer information," Blumenthal said in a statement on Twitter. "Hoping for renewed Commerce Committee hearings in early January!"

Privacy advocates said Facebook no longer deserves the trust of its 2.2 billion users, whose constant sharing on the platform fueled the company's $13.7 billion third-quarter revenue.

"We are particularly troubled the Times' new report that Facebook is undermining user privacy by misinterpreting the term "service provider," which is an exception to the privacy rules in the FTC's 2011 consent order," the Electronic Frontier Foundation (EFF), a nonprofit digital rights organization, said in a blog post.


According to the EFF, many data privacy rules limit the transfer of personal data from one company to another because such arrangements can increase the risk of theft by hackers or misuse by employees, and other uses that consumers could not anticipate. But the privacy rules often exempt so-called service providers. "A company might not be required to get consent before storing consumers' data with a third-party data storage service, provided the storage service does nothing with the data except store it," the nonprofit said.

The EFF said it is "alarmed" by how Facebook's privacy director, Stephen Satterfield, interprets the "service provider" exception, as detailed in the Times story:

With most of the partnerships, Mr. Satterfield said, the F.T.C. agreement did not require the social network to secure users’ consent before sharing data because Facebook considered the partners extensions of itself — service providers that allowed users to interact with their Facebook friends. The partners were prohibited from using the personal information for other purposes, he said. 

"To the contrary, the kinds of company-to-company data sharing described in the new Times article do not fall within any reasonable definition of 'service provider,'" the EFF said.

“Every single time that you share something on Facebook or one of our services, right there is a control in line where you control who you want to share with,” Zuckerberg told the US Congress earlier this year. This is a lie," wrote Siva Vaidhyanathan, professor of media studies at the University of Virginia, in a Guardian op-ed.


Kate Crawford, the co-founder of the AI Now Institute at New York University, said the New York Times investigation exposes that user control of data online is a myth.

"The total lack of respect for user wishes is the infinitely repeating scandal of 2018," Crawford added.

David Cicilline, D-R.I., tweeted: "Zuckerberg told Congress that Facebook users had “complete control” over their data. Sure looks like he lied."

Amid the data-sharing fallout, Facebook's shares dropped over 7 percent and are down about 24 percent for the year. In addition, the Association of National Advertisers on Tuesday said the FTC should advocate for a new federal law governing how all advertisers collect and use consumer data, as a way to pre-empt regulation by individual states.

"Based on these revelations, I’m concerned that Facebook may have provided @EnergyCommerce with inaccurate, incomplete, or misleading responses to our questions, and we’ll be following up," said New Jersey Rep. Frank Pallone, a Democrat, on Twitter.

Facebook, which previously provided an explanation of the data-sharing agreements in a blog post, is still grappling with fallout from Cambridge Analytica, in which a data-mining firm was allowed to access the information of up to 87 million users. On Wednesday, D.C. Attorney General Karl Racine filed a lawsuit, which could potentially be joined by other states' attorneys general, alleging that CEO Mark Zuckerberg's company told users that it would protect their personal information, but allowed the developer of a personality quiz app to collect and sell the data of users who hadn't downloaded or used the app.


Damian Collins, chair of the United Kingdom's powerful Digital, Culture, Media and Sport Committee, which has been probing Facebook's actions in relation to the spread of disinformation, said that Facebook should appear before the committee to explain its data policies.

"We have to seriously challenge the claim by Facebook that they are not selling user data. They may not be letting people take it away by the bucket load, but they do reward companies with access to data that others are denied, if they place a high value on the business they do together," Collins said in a statement. "I feel that we have been given misleading responses by the company when we have asked these questions during previous evidence sessions."

In his appearance on Tucker Carlson Tonight, Sen. Hawley suggested a broader inquiry into Big Tech might be needed.

"I think it's time we looked at the effect big tech is having on our personal lives, on our families, on our schools, on our society. These are major companies. Many of them monopolies. They make billions of dollars a year. There've never been more powerful companies in the history of the world, and they need to be held accountable," the Missouri senator said.

New York Attorney General Barbara Underwood told the Times through a spokesperson that her office, which is already investigating Facebook, would also examine the newly revealed data-sharing partnerships as part of that probe.